The document outlines the goals and requirements of a course project on access control. The project involves developing solutions to access control issues at multiple locations of an organization. Students must develop an access control policy framework and implement appropriate access controls across the organization's IT infrastructure to ensure confidentiality, integrity, and availability of systems and data. The project involves writing a report and creating a PowerPoint presentation addressing the learning objectives and solutions developed.
Project Access Control ProposalPurposeThis course project i
1. Project: Access Control Proposal
Purpose
This course project is intended to assess your ability to
comprehend and apply the basic concepts related to information
security management, such as the following:
The ability to discern when a risk assessment should be
performed and carrying out the task
Understanding user or customer access requirements, whether
remote or local
Using a layered security approach to establish and maintain
access controls
Working with other departments, such as the human resources
department, to identify and implement methods to prevent
unwarranted exposure to information by inappropriate personnel
Your ability to execute the tasks within these information
security domains and others will be evaluated against the
learning objectives as identified and described in previous
lessons of instruction for this course. Required Source
Information and Tools
Web References: Links to Web references in this Instructor
Guide and related materials are subject to change without prior
notice. These links were last verified on August 2, 2014.
The following tools and resources will be needed to complete
this project:
· Course textbook
· Access to the Internet
· Access to the library
· Text sheet: Integrated Distributors Incorporated
(access_project_ts_integrateddistributors)Learning Objectives
and Outcomes
Successful completion of this project will ensure that you are
capable of supporting the implementation and management of an
2. information systems security framework. To be able to do so,
you need to be able to do the following:
Relate how an access control policy framework is used to define
authorization and access to an information technology (IT)
infrastructure for compliance.
Mitigate risks to an IT infrastructure’s confidentiality, integrity,
and availability with sound access controls.
Relate how a data classification standard influences an IT
infrastructure’s access control requirements and
implementation.
Develop an access control policy framework consisting of best
practices for policies, standards, procedures, and guidelines to
mitigate unauthorized access.
Define proper security controls within the User Domain to
mitigate risks and threats caused by human nature and behavior.
Implement appropriate access controls for information systems
within IT infrastructures.
Mitigate risks from unauthorized access to IT systems through
proper testing and reporting.Project Checkpoints
The course project has a checkpoint strategy. Checkpoint
deliverables allow you to receive valuable feedback on your
interim work. In this project, you have four ungraded
checkpoint deliverables. (See the syllabus for the schedule.)
You may discuss project questions with the instructor, and you
should receive feedback from the instructor on previously
submitted work. The checkpoint deliverable ensures refinement
of the final deliverables, if incorporated effectively. The final
deliverable for this project is a professional report and a
PowerPoint presentation.
Checkpoint
Purpose of the Checkpoint
Expected Deliverables
1
· Understanding requirements
· Clarification on project deliverables
· Discussion on project concerns and progress up to this
3. checkpoint
· A review of the course project’s outline and schedule for
completion
Prepare an initial outline of issues and potential solutions and
discuss with your instructor, the chief information officer
(CIO).
2
· Clarification on project deliverables
· Discussion on project concerns and progress up to this
checkpoint
· A review of the course project’s outline and schedule for
completion
Prepare an extended outline of issues and potential solutions
and discuss with your instructor, the CIO.
3
· Clarification on project deliverables
· Discussion on project concerns and progress up to this
checkpoint
· A review of the course project’s outline and schedule for
completion
Draft the report and the PowerPoint presentation to discuss with
your instructor, the CIO.
4
· Clarification on project deliverables
· Discussion on project concerns and progress up to this
checkpoint
· A review of the course project’s outline and schedule for
completion
Modify the report and the PowerPoint presentation based on
feedback from your instructor, the
CIO.DeliverablesIntroduction
User identification, authentication, and authorization are
essential in developing, implementing, and maintaining a
framework for information system security. The basic function
of an information system security framework is to ensure the
confidentiality and the integrity, as well as the availability of
4. systems, applications, and data. Certain information security
implementation and management knowledge is required of
network administrators, IT service personnel, management, and
IT security practitioners, such as information security officers,
security analysts, and domain administrators. Scenario
You play the dual role of an IT architect and IT security
specialist working for Integrated Distributors Incorporated
(IDI), a multi-national organization with offices in several
countries. Your instructor for this course plays the role of the
chief information officer (CIO). Your peers play the role of
selected technology staff. Each of the organization’s locations
is operating with different information technologies and
infrastructure—IT systems, applications, and databases. Various
levels of IT security and access management have been
implemented and embedded within their respective
locations.Tasks
Your goals as the IT architect and IT security specialist are to:
Develop solutions to the issues that the specified location of IDI
is facing.
Develop plans to implement corporate-wide information access
methods to ensure confidentiality, integrity, and availability.
Assess risks and vulnerabilities with operating IT facilities in
the disparate locations where IDI now functions and develop
mitigation plans and implementation methods.
Analyze the strengths and weaknesses in the current systems of
IDI.
Address remote user and Web site user’s secure access
requirements.
Develop a proposed budget for the project—consider hardware,
software, upgrades/replacements, and consulting services.
Prepare detailed network and configuration diagrams outlining
the proposed change to be able to present it to the management.
Develop and submit a comprehensive report addressing the
learning objectives and your solutions to the issues within the
scenario.
Prepare a 10- to 15-slide PowerPoint presentation that addresses